Application No. 09/618,202 

KENJI YAMAGAMI 

Reply to Office Action of July 19, 2006 



PATENT 



AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings of claims in the application: 
Listing of Claims: 

1. (Currently amended) A method of controlling security of data in a storage
system having a local disk system and a remote disk system that are coupled to at least one host
computer, the method comprising:

in the local disk system coupled to a first host computer and a management
console, the local disk system having first and second volumes of storage, the first and second
volumes being associated with first and second encryption keys, respectively, the first and
second encryption keys being provided to the local disk system by the management console:

when a write of data is to be made to the first volume of the local disk 
system, retrieving the first encryption key; 

encrypting the data using the first encryption key, the encrypting being 
performed by the local disk system; 

transferring the encrypted data to the remote disk system via a first 
communication link; then 

in the remote disk system coupled to a second host computer:

determining whether the data is to be stored in an encrypted form or a 
decrypted form, the determining being performed by the remote disk system; 

determining an address for storage of the data in the remote disk system; 

if the data is to be stored in a decrypted form, decrypting and writing the 
data in the remote disk system; 

if the data is to be stored in an encrypted form, writing the data in the 
remote disk system without decrypting the data; and 

notifying the local disk system via the first communication link that the
step of writing the data is complete,

wherein the local disk system is coupled to the first host computer via a second
communication link to allow the first host computer to access data stored in the local disk
system, the first and second communication links being different,

wherein the remote disk system includes third and fourth volumes corresponding 
to the first and second volumes, respectively. 

2. (Currently amended) A method of controlling security of data in a storage 
system having a local disk system and a remote disk system that are coupled to at least one host 
computer, the method comprising: 

in the local disk system coupled to a first host computer and a management 
console, the local disk system having a first set of volumes of storage and a second set of 
volumes of storage, the first and second sets of volumes being associated with first and second 
encryption keys, respectively, the first and second encryption keys being provided to the local 
disk system by the management console:

when a write of data is to be made to the local disk system, retrieving the 
first encryption key, wherein the first encryption key is a previously stored encryption key; 

encrypting the data using the first encryption key, the encrypting being 
performed by the local disk system; 

transferring the encrypted data to the remote disk system via a first 
communication link; then

in the remote disk system: 

determining whether the data is to be stored in an encrypted form, the 
determining being performed by the remote disk system; 

determining an address for storage of the data in the remote disk system; 

if the data is to be stored in a decrypted form, decrypting and writing the 
data in the remote disk system; 

if the data is to be stored in an encrypted form, writing the data in the 
remote disk system without decrypting the data; and

notifying the local disk system via the first communication link that the
step of writing the data is complete,

wherein the local disk system is coupled to the first host computer via a second 
communication link to allow the first host computer to access data stored in the local disk 
system, the first and second communication links being different, 

wherein the method further comprises maintaining an encryption control table on 
the local disk system, the encryption control table including a list of encryption keys for selected 
volumes of the local and the remote disk system, the list of encryption keys including the first 
and second encryption keys, 

wherein the data transfer between the local disk system and the remote disk 
system occurs via the first a communication link that couples the local disk system to the remote 
disk system, so that the local disk system may send the data to the remote disk system without 
direct involvement from the host computer,

wherein, the first key being assigned to a first set of volumes in the local disk
system, and the second key being assigned to a second set of volumes in the local disk system,
each of the first and second set of volumes including one or more volumes,

wherein the retrieving step includes accessing the encryption control table to 
obtain an appropriate encryption key, where the data are encrypted using the first key if the data 
to be transferred to the remote disk system are associated with the first set of volumes and 
encrypted using the second key if the data to be transferred to the remote disk system are 
associated with the second set of volumes, 

wherein the remote disk system is coupled to a second host computer. 

3. (Original) A method as in claim 2 wherein the list of encryption keys 
further includes information relating to the use and non-use of encryption on the local disk 
system.

4. (Original) A method as in claim 2 wherein the list of encryption keys
further includes information relating to the use and non-use of encryption on the remote disk 
system. 

5. (Currently amended) A method as in claim 3 wherein the encryption keys
are key is applicable to less than all of the storage on the local disk system.

6. (Currently amended) A method as in claim 4 wherein the encryption keys
are key is applicable to less than all of the storage on the remote disk system.

7. (Currently amended) A method as in claim 3 wherein the encryption keys
are key is applicable to at least one disk on the local disk system.

8. (Currently amended) A method as in claim 7 wherein the encryption keys
are key is applicable to at least one disk on the remote disk system.

9. (Currently amended) A method for changing an encryption key while 
operating a storage system having a local disk system and a remote disk system, the method
comprising: 

providing an encryption key to the local disk system, the encryption key being 
provided by a management console coupled to the local disk system; 

storing the [[an]] encryption key in a memory in the local disk system; 

transmitting the encryption key to the remote disk system and storing it in a
memory there via a first communication link coupling the local and remote disk systems;

storing the encryption key in a memory in the remote disk system; 

in the local disk system, determining a boundary for use of the encryption key by 
the local disk system; 

in the remote disk system, receiving the boundary from the local disk system by 
the remote disk system;

in both the local and the remote disk systems, determining a relationship of
present operations to the boundary by each of the local and remote disk systems;

in both the local and the remote disk systems, waiting for the boundary and then 
changing the encryption key for data stored thereafter by each of the local and remote disk 
systems, 

wherein the local disk system is coupled to a first host computer via a second 
communication link that is different than the first communication link. 

10. (Original) A method as in claim 9 wherein operations before the boundary 
are performed using a first encryption key and operations after the boundary are performed using 
a second encryption key. 

11. (Original) A method as in claim 9 wherein the boundary is defined by
counting input/output operations and using the count to define the boundary. 

12. (Canceled) 

13. (Currently amended) A method of controlling encryption in a storage
system having a local disk system and a remote disk system, the method comprising:

providing an encryption key to the local disk system, the encryption key being
provided by a management console coupled to the local disk system:

maintaining a control table in each of the local disk system and the remote disk
system;

determining a boundary in the local disk system where encryption is to be
switched to an opposite state, the determining performed by the local disk system, wherein the
boundary is associated with the encryption key;

transmitting the encryption key and the corresponding boundary to the remote
disk system:

in the remote disk system, receiving a corresponding boundary from the remote
disk system;

in both the local and the remote disk system, determining a relationship of present
operations to the boundary;

in both the local and the remote disk system, waiting for the boundary, and then
changing the encryption to the opposite state,

wherein the local disk system is coupled to a first host computer via a first 
communication link, and the remote disk system is coupled to a second host computer via a 
second communication link, the local disk system and the remote disk system being coupled to 
each other via a third communication link, the third communication link being different than the
first or second communication link. 

14. (Currently amended) A method as in claim 13 wherein operations 
performed before the boundary are either encrypted or not encrypted, and operations performed 
after the boundary are either not encrypted or encrypted oppositely to those operations performed 
before the boundary. 

15. (Original) A method as in claim 14 wherein the boundary is defined by 
counting input/output operations and using the count to define the boundary. 

16. (Currently amended) A method of controlling encryption in a storage 
system having a local disk system and a remote disk system, the method comprising:

providing first and second encryption keys to the local disk system, the first and 
second encryption keys being provided by a management console coupled to the local disk 
system: 

storing the first and second encryption keys in a memory in the local disk system 
that is coupled to a host computer via a first communication link, the first and second encryption 
keys being assigned to first and second volumes of the local disk system, respectively; 

transmitting via a second communication link the first and second encryption keys
[[key]] to the remote disk system and storing it in a memory there, the remote disk system
including third and fourth volumes corresponding to the first and second volumes volume,
respectively;

storing the first and second encryption keys in a memory in the remote disk
system;

splitting the local disk system from the remote disk system to allow the local disk
system and the remote disk system [[them]] to operate independently, wherein the splitting is
performed according to a first command issued by one of: the local disk system or the remote
disk system;

switching encryption to an opposite state from a previous state after splitting the
local disk system and remote disk system; and

re-synchronizing the local disk system and the remote disk system, wherein the
re-synchronizing is performed according to a second command issued by one of: the local disk
system or remote disk system,

wherein the first and second communication links being different.

17. (Currently amended) A storage system comprising: 
a local disk system including a plurality of volumes of media for storing data, the 
[[said]] local disk system being coupled to a host computer via a first communication link to 
enable the host computer to access the [[said]] volumes, the plurality of volumes in the local disk 
system including first and second volumes that are associated with first and second encryption 
keys, respectively; 

a management console coupled to the local disk system, the first and second 
encryption keys being provided to the local disk system by the management console; 

a remote disk system including a plurality of additional volumes of media for 
storing data; and 

a second communication communications link coupling the local disk system to 
the remote disk system,

wherein the local disk system determines whether encryption is to be employed in
the data associated with the first volume in the local disk system, and if so, the local disk system 
encrypts the data to be transferred to the remote disk system using the first encryption key, and 

wherein the remote disk system determines whether to store the data in either 
encrypted form or unencrypted form and stores the data in the determined [[that]] form in the 
remote disk system, and notifies the local disk system that the data has been stored via the 
second communication link, 

wherein the first and second communication links are different. 

18. (Currently amended) A system as in claim 17 further comprising an
encryption control table stored on the local disk system, the encryption control table including a
list of encryption keys for selected volumes of the local disk system and the remote disk system.

19. (Currently amended) A system as in claim 18 wherein the list of
encryption keys further includes information relating to the use and non-use of encryption on the
local disk system.

20. (Currently amended) A system as in claim 19 wherein the list of
encryption keys further includes information relating to the use and non-use of encryption on the
remote disk system.

21. (Currently amended) A system as in claim 20 wherein the first encryption
key is applicable to less than all of the storage on the local disk system. 

22. (Currently amended) A system as in claim 21 wherein the first encryption 
key is applicable to less than all of the storage on the remote disk system. 

23-25. (Canceled) 

26. (Currently amended) A system for controlling encryption in a storage 
system having a local disk system and a remote disk system, the system comprising:

a local memory in the local disk system for storing a first encryption key assigned
to a first volume in the local disk system and a second encryption key assigned to a second 
volume in the local disk system; 

a management console coupled to the local disk system, the first and second 
encryption keys being provided to the local disk system by the management console;

a first communications link for transmitting the first and second encryption keys 
to the remote disk system and storing the first and second encryption keys in a remote memory 
of the remote disk system; 

a first computer program for splitting the local disk system from the remote disk
system to allow the local disk system and the remote disk system [[them]] to operate 
independently; 

a switch for changing encryption to an opposite state from a previous state after
splitting in the local disk system and remote disk system; and 

a second computer program for re-synchronizing the local disk system and the 
remote disk system, 

wherein the local disk system is coupled to a host computer via a second 
communication link that is different than the first communication link, 

wherein the local disk system is configured to execute the first computer program 
or the second computer program, or both, 

wherein the local disk system is configured to encrypt data to be transferred to the 
remote disk system using one of: the first and second encryption keys key that is stored in the 
local memory of the local disk system. 

27. (Currently amended) A method of controlling security of data in a storage 
system having a local disk system and a remote disk system, the method comprising:

in the local disk system coupled to a management console, the local disk system
including first and second volumes that are assigned first and second encryption keys,
respectively:

receiving first and second encryption keys from the management console:

assigning first and second volumes to the first and second encryption keys,
respectively:

receiving a data update request from a host computer connected to the
local disk system, system wherein the [[said]] data update request includes a location of the first
volume in [[of]] the local disk system, the host computer being connected to the local disk system
via a first communication link;

encrypting the data associated with the first volume of the local disk
system using the first encryption key, the encryption being performed by the local disk system;

transferring the encrypted data to the remote disk system via a second
communication link by the local disk system; then

in the remote disk system:

decrypting the data using the first encryption key by the remote disk
system; and

writing the decrypted data into a third volume of the remote disk system
by the remote disk system,

wherein the first and second communication links are different. 

28-29. (Canceled) 

30. (Currently amended) A storage system comprising: 

a local disk system including first and second storage volumes for storing data, 
the first and second volumes being assigned to [[with]] first and second encryption keys, 
respectively, wherein the local disk system is connected to a host computer via a first 
communication link; 

a management console coupled to the local disk system, the first and second 
encryption keys being provided to the local disk system by the management console: 

a remote disk system including third and fourth storage volumes, respectively, for
storing data;

a second communications link coupling the local disk system to the remote disk
system, the first and second communication links being different,

wherein the local disk system retrieves selected data from the first volume in the 
local disk system, encrypts the selected data using the first encryption key, and transmits the 
encrypted data to the remote disk system, and 

wherein the remote disk system decrypts the encrypted data received from the 
local disk system via the second communications link and stores the data in unencrypted form in 
the third volume in the remote disk system. 

31. (Currently amended) A system as in claim 30 further comprising an
encryption control table stored on the local disk system, the encryption control table including 
the first [[firs]] and second encryption keys. 

32. (Currently amended) A method of controlling security of data in a disk 
system coupled to a management console, a host computer and a remote storage system, the 
method comprising: 

receiving, at the disk system, first and second encryption keys from the 
management console; 

assigning first and second volumes to the first and second encryption keys,
respectively;

at the disk system, receiving, at the disk system, data to be stored from the host
computer via a first communication link, so that the data being can be stored in a given area in
the disk system, the disk system including first and second volume that are assigned first and
second encryption keys, respectively;

encrypting the data received from the host computer using one of: the first or
second encryption keys [[key]] according to the location of the given area, wherein the first
encryption key is used if the given area is in the first volume and the second encryption key is
used if the given area is in the second volume, the encrypting being performed by the disk
system; and

transferring the encrypted data from the disk system to the remote storage system
via a second communication link, link by the disk system, so that the encrypted data being stored
in the remote storage system can store the data therein.

33-34. (Canceled) 